More than 400m Facebook users’ data leaked: what happened and are you affected?
Phone numbers and IDs were stored in online server that was not password protected
The phone numbers of millions of Facebook users have been exposed through open online customer databases, the company has admitted.
Facebook confirmed the breach following the discovery that more than 419 million records were being stored “over several databases” in an online server that was not password protected, according to TechCrunch.
As well as phone numbers, the records reportedly included the dates of birth and Facebook ID codes of users in countries across the globe.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
A spokesperson for the social media giant said an investigation had been launched into the data breach - described by The Guardian as “the latest example of Facebook’s past privacy lapses coming back to haunt its users”.
What happened?
On Wednesday evening, TechCrunch revealed that it had been contacted by cybersecurity analyst Sanyam Jain, of New York City-based Cyware Labs, who claimed to have discovered a series of online servers containing the personal details of Facebook users.
The records included Facebook ID numbers - a “long, unique and public number” that can “easily be used to discern an account’s username” says the tech news site.
The exposed records included 133 million linked to US-based accounts and 18 million associated with UK users, says TechRadar.
However, Facebook claims that the total number of users whose information was exposed is about 210 million, rather than 419 million, as the records contained duplicates.
Regardless of the true numbers involved, the servers, which did not belong to Facebook, were not password protected and could therefore be accessed easily by the public.
TechCrunch contacted the web host after reviewing the data and the servers were swiftly taken offline.
Jake Moore, a security expert at tech firm ESET, told Forbes that “it seems crazy that personal data of this magnitude could be on a server unprotected in 2019, but this just highlights how data gets forgotten about and mistakes can happen”.
Is this incident related to the Cambridge Analytica scandal?
Possibly. Until April 2018, Facebook allowed its users to find people on the social network by simply searching their phone number, CNN reports.
This option was removed in the wake of the Cambridge Analytica row, with Facebook claiming that “malicious actors” had abused the feature to gather information on its users.
However, The Guardian suggest that the data sets at the centre of the latest leak were created using the same tool that Facebook disabled following the Cambridge Analytica revelations.
The most recently exposed data “appeared to be loaded into the exposed database at the end of last month - though that doesn’t necessarily mean the data is new”, adds TechCrunch.
“Although often tied to human error rather than a malicious breach, data exposures nevertheless represent an emerging security problem,” the site says.
Are you affected?
The issue doesn’t appear to be a severe as the numbers suggest, so hopefully not.
Jay Nancarrow, Facebook’s policy director, told TechCrunch: “This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers.
“The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.”
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
5 hilariously spirited cartoons about the spirit of Christmas
Cartoons Artists take on excuses, pardons, and more
By The Week US Published
-
Inside the house of Assad
The Explainer Bashar al-Assad and his father, Hafez, ruled Syria for more than half a century but how did one family achieve and maintain power?
By The Week UK Published
-
Sudoku medium: December 22, 2024
The Week's daily medium sudoku puzzle
By The Week Staff Published
-
Is the AI bubble deflating?
Today's Big Question Growing skepticism and high costs prompt reconsideration
By Joel Mathis, The Week US Published
-
How social media is limiting political content
The Explainer Critics say Meta's 'extraordinary move' to have less politics in users' feeds could be 'actively muzzling civic action'
By Chas Newkey-Burden, The Week UK Published
-
Twitter's year of Elon Musk: what happens next?
In the Spotlight 'Your platform is dying', says one commentator, but new CEO is aiming for profitability next year
By Chas Newkey-Burden, The Week UK Published
-
Turns out Facebook isn't as polarizing as previously thought
Talking Point New studies show that, contrary to prior belief, the algorithm has little effect on driving polarization
By Theara Coleman Published
-
Mark Zuckerberg vs. Elon Musk: a tale of the tech tape
Under the Radar The two men challenged each other to a fight after years of sniping
By Justin Klawans Published
-
Clop gang: Russian hackers issue ‘dark web ultimatum’ to BBC, Boots and BA
Under the Radar Affected companies urged to install security patches and not pay cyber criminals behind hack
By Rebekah Evans Published
-
How greater online regulation is prompting fears of a ‘splinternet’
feature Government pressure worldwide means the internet is not as open as it once was
By Sorcha Bradley Published
-
Donald Trump, the Pope and the disruptive power of AI images
feature AI-generated deepfakes blur reality and could be used for political disinformation or personal blackmail
By The Week Staff Published